Cyber incident ripple effects lead to increased losses
Cybersecurity incidents that involve more than one party incur financial losses 13 times greater than those contained within a single organization according to a new report.
The study carried out by the Cyentia Institute for RiskRecon analyzed over 800 cyber incidents and their 'ripple effect' on multiple downstream organizations.
"Media headlines continue to fixate on the number of records breached within a single organization, but they rarely tell the full story," says Kelly White, CEO and co-founder of RiskRecon. "Most breach research doesn't explain the downstream impact of ripple events and that these incidents no longer simply impact a single organization. Together, Cyentia and RiskRecon are exposing an often-overlooked pattern: lacking proper third-party risk controls can contaminate the entire enterprise ecosystem where sensitive data is stored and shared."
The research used cyber loss database, Advisen, to gain an objective view into historical data made up of more than 90,000 cyber events. Of those events, Cyentia found that since 2008, more than 800 cyber incidents involved at least three organizations. And of these approximately 800 multi-party incidents, a total of 5,437 downstream loss events occurred -- that is organizations other than the primary victim impacted by cyber incidents. In fact, downstream entities affected by multi-party incidents outnumber primary victims by 850 percent. And to further highlight the significance of this analysis, based on historical insight, it's projected that multi-party incidents will continue to increase at an average rate of 20 percent a year.
The analysis shows that the sectors that possess the highest concentration of personal data and information (such as credit bureaus, banks, collection agencies and hotels) account for nearly 60 percent of all organizations generating ripple effects. These same industries also typically have large digital footprints, and often maintain extensive third-party relationships.
"As an industry, we've waited far too long to address the interconnected nature of today's risk landscape," says Wade Baker, founder of Cyentia Institute. "The startling truth from the data is that complex digital ecosystems fuel the kind of cyber incidents that send dangerous ripple effects across numerous organizations. Together with RiskRecon, we hope that our study looking at the increasing rate and severity of multi-party data loss events will instill an immediate response to improving the way we manage risk across every facet of business."
The full report is available from RiskRecon.
Image credit: fotogestoeber / Shutterstock